Stolen credit card credentials make up the most common method that cyber criminals use to pay for Internet hosting services, says a security company.
In order to facilitate the spread of malware online, cyber criminals rely on bulletproof hosting services (BPHS) in an underground economy.
“Cyber criminals can use stolen credit card credentials to finance their BPHS use. Cyber criminals can purchase stolen credentials underground,” said Max Goncharov, a researcher at Trend Micro.
Hackers who hit cheating website AshleyMadison.com, for example, publicly posted online around 9,7GB of data that included names and credit card details.
Goncharov said it is easy for criminals to obtain personal and financial data from unsuspecting users.
“It’s possible for them to do further targeted social engineering to pry more information out of credit card owners. They can call them up, request copies of their IDs, or falsify email confirmations to complete the data they need so they can use the credit card credentials for malicious purposes.”
BPHS are essential to the underground cybercrime industry because they allow criminals to host child pornography as well as malware and botnet command-and-control software in servers located mainly in China, Bolivia, Iran and Ukraine.
BPHS costs start at around US$2/month and climb to $300, depending on the sensitivity of the content being hosted.
The financial industry should invest in improved technology to limit the ability of cyber criminals to operate with BPHS, said Goncharov.
“It’s best for the financial industry to invest more in personal identification to avoid these kinds of fraud.”
In South Africa, the Electronic Communications and Transactions Act of 2002 makes it illegal for providers to host malicious content, and Goncharov said that there was no direct evidence that South Africa was a hub for these kinds of services.
However, he warned that the government should actively collaborate with international partners to limit the ability of cyber criminals to operate.
“Governments should still have fast and assured implementations against BPHS. They should work closely with other law enforcement agencies that concentrate on taking down these types of services.” — Fin24